System Access best practices - Admin/Monitoring web apps imap etc
Hi all -
I'm looking for some best practices ideas -
I have a CentOS 5.5 system (soon to be upgraded to 6.3).
It has a public IP on it, and right now I only
allow port 80 from it on a few IP addresses (work, home)
and Horde webmail.
So what I'd like to do is extend that a bit -
I run Nagios and Cacti on it, and I'd like to have
access to those from anywhere, and
also possibly access to some code allowing me to ping, traceroute, etc.
Is there a way I could do something like
browse to a hidden webpage, perhaps on a nonstandard port, and once I've entered
a correct password/challenge phrase on that webpage,
the system would allow connections from my current IP address to the Nagios/Cacti
webpages, and I could then enter authentication to access the Nagios pages?
I don't want to limit security to something as simple as a single layer of a .htpasswd file for accessing critical system info.
I also don't want to just implement a VPN service on the server, since not everyone who might access would have a client or technical know-how/skills,
and I'm sometimes in environments that block outbound IPsec/SSL VPN traffic connections.
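
The gate described in the post above, sketched as an added example that is not part of the original post: a passphrase check that opens the protected port to the caller's source IP for a limited time. The class name `Gate`, the port, TTL, lockout threshold and passphrase are assumptions, and the code returns `iptables` argument lists for a privileged helper to run rather than executing them.

```python
import hashlib, hmac, ipaddress, time

# All values below are assumptions for this sketch, not taken from the post.
PROTECTED_PORT = 80      # Apache serving Nagios/Cacti
GRANT_TTL = 3600         # seconds an opened source IP stays allowed
MAX_FAILURES = 5         # wrong passphrases tolerated per source IP
SALT = b"constructed-salt"
PASS_HASH = hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, 100000)

class Gate:
    """Hypothetical helper: tracks grants and returns iptables argv lists."""

    def __init__(self, now=time.time):
        self.now = now
        self.grants = {}     # ip -> expiry timestamp
        self.failures = {}   # ip -> consecutive wrong passphrases

    def _rule(self, action, ip):
        return ["iptables", action, "INPUT", "-p", "tcp", "-s", ip,
                "--dport", str(PROTECTED_PORT), "-j", "ACCEPT"]

    def knock(self, peer_addr, passphrase):
        # peer_addr must be the TCP peer address from the socket, never a
        # client-supplied header such as X-Forwarded-For.
        ip = str(ipaddress.IPv4Address(peer_addr))   # ValueError on junk
        if self.failures.get(ip, 0) >= MAX_FAILURES:
            return []                                # locked out
        candidate = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), SALT, 100000)
        if not hmac.compare_digest(candidate, PASS_HASH):
            self.failures[ip] = self.failures.get(ip, 0) + 1
            return []
        self.failures.pop(ip, None)
        is_new = ip not in self.grants
        self.grants[ip] = self.now() + GRANT_TTL     # renew on repeat knock
        return [self._rule("-I", ip)] if is_new else []

    def expire(self):
        # Call periodically: returns delete rules for grants past their TTL.
        cmds = []
        for ip, expiry in list(self.grants.items()):
            if expiry <= self.now():
                del self.grants[ip]
                cmds.append(self._rule("-D", ip))
        return cmds
```

The Nagios and Cacti logins stay in place behind the opened port, so the gate is an extra layer rather than a replacement for them.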